Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN268
_____________________________________________________________________

DATE                : 06/03/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Flow (Nextcloud) versions prior
                                      to 1.3.0.

=====================================================================
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-g7vj-98x3-qvjf
_____________________________________________________________________

Remote code execution in Nextcloud Flow via vulnerable Windmill
version

High
nickvergessen published GHSA-g7vj-98x3-qvjf Mar 6, 2026

Package
Flow (Nextcloud)

Affected versions
>= 1.0.0, >= 1.1.0, >= 1.2.0

Patched versions
1.3.0


Description

Impact

An unauthentified attacker, can find the SUPERADMIN_SECRET and use
it to login as a super admin. This could allow the attacker to
compromise the server within the Flow container and

    read arbitrary files,
    leak the windmill_users_config.json file containing admin tokens
in plaintext,
    and use the leaked tokens to achieve remote code execution as
root within the container.


Recommendation

To prevent attackers from exploiting the reported issue, we strongly
recommend that the Nextcloud Flow app is upgraded as soon as
possible to the 1.3.0 release, which was released 13. January 2026.
Until the upgrade, the Flow external app should be disabled and the
container turned off.


Workarounds

The only workaround is to disable the Flow app and make sure the
container is turned off and does not restart


Severity
High
8.8/ 10

CVSS v3 base metrics
Attack vector
Adjacent
Attack complexity
Low
Privileges required
None
User interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE ID
CVE-2026-29059

Weaknesses
No CWEs

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================